CVE-2024-54225
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 9, 2024
CWE ID 98
Summary
CVE-2024-54225 is a new vulnerability affecting the CodegearThemes Designer software. This issue involves improper control of filenames in PHP include/require statements, leading to a Local File Inclusion (LFI) vulnerability. An attacker could potentially exploit this vulnerability to gain unauthorized access to sensitive files or execute malicious code on the affected system. The Designer software, from an undisclosed version up to 1.3.3, is susceptible to this issue. Users are advised to update to a patched version as soon as possible to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share